Phishing

What Is Phishing?

Phishing is a social engineering technique whereby a cybercriminal pretends to be a legitimate business, organization, or individual (such as a bank, an online store, a digital platform, or even a personal contact) with the aim of deceiving a user into sharing confidential information such as passwords, bank details, or other credentials. Although it initially involved the mass sending of fake emails, today phishing has evolved into more sophisticated and personalized techniques that are difficult to detect at first glance.


Evolution of Phishing

Over time, phishing attacks have evolved considerably. Years ago, they were simple mass email campaigns impersonating banks and were often poorly written. Detecting these attacks has now become more difficult, due to the creation of fake websites with HTTPS certificates, the use of similar logos and domains, and hyper-personalized messages leveraging AI and automation.

The most sophisticated types of phishing are:

  • Spear phishing: These attacks target a specific victim with highly personalized messages, based on personal or professional information.
  • Whaling: Attacks on executives or high-profile individuals, for financial purposes or industrial espionage.
  • Vishing and smishing: Attacks using fake identities through voice calls (VoIP) or SMS.
  • BEC (Business Email Compromise): Impersonation of company executives to divert funds or obtain key information.
  • Pharming: Manipulation of DNS addresses to redirect users to fraudulent sites, even if they enter the correct URL.

Latest Types of Phishing

Cybercriminals take advantage of new technologies and digital habits. Recent threats include:

  • QR phishing (Quishing): Scams using QR codes that redirect users to fake sites.
  • MFA bombing: Continuous sending of authentication alerts to force the user to accept a malicious request.
  • Phishing on P2P platforms: Scammers impersonate legitimate buyers or sellers on online platforms.
  • Phishing with deepfakes: Attacks using faked voices or faces so that potential victims trust the fake video or audio.

Why is Phishing Dangerous?

Phishing is no longer just credential theft. Now it leads to malware downloads (ransomware, banking Trojans), account hijacking, or even financial fraud.

Its ability to play on people’s emotions (urgency, fear, trust) and the level of personalization and use of AI make it one of the most effective threats in today's cybercrime scenario.

How to Protect Against Phishing

Protecting yourself from phishing requires a combination of education in prevention, technological tools, and strict digital habits. If you know how attacks work, you will be better prepared to avoid them. Here are the key points:

  • Avoid clicking directly on suspicious links: If you are unsure, type the URL yourself in the browser.
  • Verify links and senders: Hover over the links, check for HTTPS, and look for inconsistencies in the email address. Be extremely careful when scanning QR codes.
  • Do not share confidential data: Do not share confidential data via email, phone, or SMS. No genuine company or organization will ask for confidential information in this way.
  • Be wary of alarmist messages that create urgency: Messages that say 'Your account has been blocked!' are a classic phishing tactic.
  • Enable two-factor authentication (2FA): Although it can be attacked, adding an extra layer of security remains a great defense.
  • Keep your devices updated: Keep your devices updated with security patches and use professional antivirus solutions such as Panda Dome. This is a comprehensive cybersecurity solution that includes tools to detect and block fraudulent sites and malicious files, and that scans QR codes before opening them.
  • Train yourself to be digitally astute and improve your knowledge: Conduct drills or internal courses if you are part of an organization.

A balanced approach combines technology, education, and critical thinking. This significantly reduces the risk of falling into digital traps. If you have any questions or want to improve your knowledge and stay informed, check out our guides on Panda’s Blog.
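
The checks listed under "Verify links and senders" (HTTPS, sender address inconsistencies, similar-looking domains), expressed in Python. This is an added example, not Panda Security code; the function names, the 0.8 similarity threshold, the two-label domain rule, and the example-bank.com sample message are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlsplit

def registrable(host):
    # Assumption: the last two labels form the registrable domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def domain_findings(host, trusted):
    """Compare a host against the domain the message claims to come from."""
    dom = registrable(host)
    if dom == trusted:
        return []
    if any(label.startswith("xn--") for label in host.lower().split(".")):
        return [f"{host}: punycode (internationalized) label, not {trusted}"]
    # Assumed threshold: 0.8 similarity flags near-identical spellings.
    if SequenceMatcher(None, dom, trusted).ratio() >= 0.8:
        return [f"{host}: look-alike of {trusted}"]
    return [f"{host}: unrelated to {trusted}"]

def check_message(from_header, links, trusted):
    """Return a list of human-readable warnings for one message."""
    findings = []
    _display, addr = parseaddr(from_header)
    sender_host = addr.rpartition("@")[2]
    findings += [f"sender {f}" for f in domain_findings(sender_host, trusted)]
    for url in links:
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"link {url}: not HTTPS")
        host = parts.hostname or ""
        findings += [f"link {f}" for f in domain_findings(host, trusted)]
    return findings

# Constructed sample: a message claiming to come from example-bank.com.
SAMPLE_FROM = '"Example Bank Support" <alerts@examp1e-bank.com>'
SAMPLE_LINKS = [
    "https://www.example-bank.com/login",
    "http://example-bank.com.account-verify.test/login",
]

if __name__ == "__main__":
    for line in check_message(SAMPLE_FROM, SAMPLE_LINKS, "example-bank.com"):
        print(line)
```

The comparison is made on the registrable domain rather than on a substring match, so a trusted name appearing only as a subdomain prefix is still reported as unrelated.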

Phishing FAQs
How Can I Detect a Phishing Site?
Look for a missing HTTPS protocol, suspicious URLs, grammatical errors, or poorly designed layouts.
What Is QR-Phishing?
It is a scam via a malicious QR code that redirects users to a fake website in order to steal information.
What If I Have Already Fallen for a Phishing Scam?
Change passwords, contact your provider or bank, and check your bank transactions. The next step would be to run a complete system scan with a good anti-malware solution such as Panda Dome.

Additional resources

Digital security is everyone's responsibility. With the right information and tools, you can reduce risks and use the Internet with peace of mind. Explore our guides and protect your online privacy.